mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
RM-872: "admin" can access all areas of the file plan without have been given an explicit role or permissions.
* it now valid for admin to have access to the file plan * rmadmin is still created and always has admin rights to file plans, but by default is created with a random password * admin has permissions to reset rmadmin password if administration of RM file plans needs to be delegated * rmadmin name I18n'ed * rmadmin patch and creation code updated git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@55205 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
@@ -26,10 +26,10 @@ cache.writersSharedCache.maxItems=10000
|
||||
#
|
||||
# Global RM admin default bootstrap details
|
||||
#
|
||||
# Note: rmadmin is created with a randomly generated password. This can be changed by 'admin' if
|
||||
# required.
|
||||
#
|
||||
bootstrap.rmadmin.name=rmadmin
|
||||
bootstrap.rmadmin.pwd=rmadmin
|
||||
bootstrap.rmadmin.firstName=Records Management
|
||||
bootstrap.rmadmin.lastName=Administrator
|
||||
|
||||
#
|
||||
# Indicates whether RM rules will be run as RM Admin or not by default
|
||||
|
||||
@@ -15,4 +15,3 @@ rm.service.parent-record-folder-type=Can't create record folder, because the par
|
||||
rm.service.record-folder-type=Can't create record folder, because the provided type is not a sub-type of rm:recordFolder. (type={0})
|
||||
rm.service.not-record=The node {0} is not a record.
|
||||
rm.service.vital-def-missing=Vital record definition aspect is not present on node. (nodeRef={0})
|
||||
rm.hold.name=Hold
|
||||
@@ -0,0 +1,4 @@
|
||||
bootstrap.rmadmin.firstName=Records Management
|
||||
bootstrap.rmadmin.lastName=System Administrator
|
||||
|
||||
rm.hold.name=Hold
|
||||
@@ -37,6 +37,7 @@
|
||||
<value>alfresco.module.org_alfresco_module_rm.messages.audit-service</value>
|
||||
<value>alfresco.module.org_alfresco_module_rm.messages.capability-service</value>
|
||||
<value>alfresco.module.org_alfresco_module_rm.messages.dataset-service</value>
|
||||
<value>alfresco.module.org_alfresco_module_rm.messages.rm-system</value>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
@@ -122,7 +122,6 @@
|
||||
<property name="authenticationService" ref="AuthenticationService" />
|
||||
<property name="personService" ref="PersonService" />
|
||||
<property name="filePlanAuthenticationService" ref="FilePlanAuthenticationService" />
|
||||
<property name="password" value="${bootstrap.rmadmin.pwd}" />
|
||||
</bean>
|
||||
|
||||
<bean id="org_alfresco_module_rm_RMv21RecordInheritancePatch"
|
||||
|
||||
@@ -1195,8 +1195,6 @@
|
||||
<bean id="filePlanAuthenticationService"
|
||||
class="org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl">
|
||||
<property name="rmAdminUserName" value="${bootstrap.rmadmin.name}" />
|
||||
<property name="rmAdminFirstName" value="${bootstrap.rmadmin.firstName}" />
|
||||
<property name="rmAdminLastName" value="${bootstrap.rmadmin.lastName}" />
|
||||
<property name="tenantService">
|
||||
<ref bean="tenantService"/>
|
||||
</property>
|
||||
|
||||
@@ -60,8 +60,6 @@ public class FreezeAction extends RMActionExecuterAbstractBase
|
||||
recordsManagementService.isRecordFolder(actionedUponNodeRef) == true) &&
|
||||
freezeService.isFrozen(actionedUponNodeRef) == false)
|
||||
{
|
||||
System.out.println("I am trying to freeze " + actionedUponNodeRef.toString());
|
||||
|
||||
freezeService.freeze((String) action.getParameterValue(PARAM_REASON), actionedUponNodeRef);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -27,14 +27,15 @@ import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.security.MutableAuthenticationService;
|
||||
import org.alfresco.service.cmr.security.PersonService;
|
||||
import org.alfresco.service.namespace.QName;
|
||||
import org.alfresco.util.GUID;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.BeanNameAware;
|
||||
import org.springframework.extensions.surf.util.I18NUtil;
|
||||
|
||||
/**
|
||||
* RM v2.1: RM admin user patch
|
||||
@@ -43,11 +44,15 @@ import org.springframework.beans.factory.BeanNameAware;
|
||||
*/
|
||||
public class RMv2RMAdminUserPatch extends ModulePatchComponent implements BeanNameAware
|
||||
{
|
||||
/** I18N */
|
||||
private static final String MSG_FIRST_NAME = "bootstrap.rmadmin.firstName";
|
||||
private static final String MSG_LAST_NAME = "bootstrap.rmadmin.lastName";
|
||||
|
||||
/** Logger */
|
||||
private static Log logger = LogFactory.getLog(RMv2RMAdminUserPatch.class);
|
||||
|
||||
/** default rm admin password */
|
||||
private String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD;
|
||||
/** generate rm admin password */
|
||||
private String password = GUID.generate();
|
||||
|
||||
/** mutable authenticaiton service */
|
||||
private MutableAuthenticationService authenticationService;
|
||||
@@ -64,14 +69,6 @@ public class RMv2RMAdminUserPatch extends ModulePatchComponent implements BeanNa
|
||||
/** file plan authentication service */
|
||||
private FilePlanAuthenticationService filePlanAuthenticationService;
|
||||
|
||||
/**
|
||||
* @param password rm admin password
|
||||
*/
|
||||
public void setPassword(String password)
|
||||
{
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param personService person service
|
||||
*/
|
||||
@@ -124,8 +121,8 @@ public class RMv2RMAdminUserPatch extends ModulePatchComponent implements BeanNa
|
||||
}
|
||||
|
||||
String user = filePlanAuthenticationService.getRmAdminUserName();
|
||||
String firstName = filePlanAuthenticationService.getRmAdminFirstName();
|
||||
String lastName = filePlanAuthenticationService.getRmAdminLastName();
|
||||
String firstName = I18NUtil.getMessage(MSG_FIRST_NAME);
|
||||
String lastName = I18NUtil.getMessage(MSG_LAST_NAME);
|
||||
|
||||
if (authenticationService.authenticationExists(user) == false)
|
||||
{
|
||||
|
||||
@@ -40,7 +40,6 @@ import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
||||
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
|
||||
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
|
||||
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationServiceImpl;
|
||||
import org.alfresco.repo.node.NodeServicePolicies;
|
||||
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
|
||||
import org.alfresco.repo.policy.JavaBehaviour;
|
||||
@@ -58,6 +57,7 @@ import org.alfresco.service.cmr.security.MutableAuthenticationService;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.cmr.security.PersonService;
|
||||
import org.alfresco.service.namespace.QName;
|
||||
import org.alfresco.util.GUID;
|
||||
import org.alfresco.util.ParameterCheck;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.apache.commons.logging.Log;
|
||||
@@ -65,6 +65,7 @@ import org.apache.commons.logging.LogFactory;
|
||||
import org.json.JSONArray;
|
||||
import org.json.JSONException;
|
||||
import org.json.JSONObject;
|
||||
import org.springframework.extensions.surf.util.I18NUtil;
|
||||
|
||||
/**
|
||||
* Role service implementation
|
||||
@@ -75,6 +76,10 @@ import org.json.JSONObject;
|
||||
public class FilePlanRoleServiceImpl implements FilePlanRoleService,
|
||||
RecordsManagementModel
|
||||
{
|
||||
/** I18N */
|
||||
private static final String MSG_FIRST_NAME = "bootstrap.rmadmin.firstName";
|
||||
private static final String MSG_LAST_NAME = "bootstrap.rmadmin.lastName";
|
||||
|
||||
/** Capability service */
|
||||
private CapabilityService capabilityService;
|
||||
|
||||
@@ -916,12 +921,12 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService,
|
||||
*/
|
||||
private void createRMAdminUser()
|
||||
{
|
||||
/** default rm admin password */
|
||||
String password = FilePlanAuthenticationServiceImpl.DEFAULT_RM_ADMIN_PWD;
|
||||
/** generate rm admin password */
|
||||
String password = GUID.generate();
|
||||
|
||||
String user = filePlanAuthenticationService.getRmAdminUserName();
|
||||
String firstName = filePlanAuthenticationService.getRmAdminFirstName();
|
||||
String lastName = filePlanAuthenticationService.getRmAdminLastName();
|
||||
String firstName = I18NUtil.getMessage(MSG_FIRST_NAME);
|
||||
String lastName = I18NUtil.getMessage(MSG_LAST_NAME);
|
||||
|
||||
if (authenticationService.authenticationExists(user) == false)
|
||||
{
|
||||
|
||||
@@ -33,16 +33,6 @@ public interface FilePlanAuthenticationService
|
||||
*/
|
||||
String getRmAdminUserName();
|
||||
|
||||
/**
|
||||
* @return rm admin first name
|
||||
*/
|
||||
String getRmAdminFirstName();
|
||||
|
||||
/**
|
||||
* @return rm admin last name
|
||||
*/
|
||||
String getRmAdminLastName();
|
||||
|
||||
/**
|
||||
* Run provided work as the global rm admin user.
|
||||
*
|
||||
|
||||
@@ -30,14 +30,11 @@ public class FilePlanAuthenticationServiceImpl implements FilePlanAuthentication
|
||||
{
|
||||
/** Default rm admin user values */
|
||||
public static final String DEFAULT_RM_ADMIN_USER = "rmadmin";
|
||||
public static final String DEFAULT_RM_ADMIN_PWD = "rmadmin";
|
||||
public static final String DEFAULT_RM_ADMIN_FIRST_NAME = "Records Management";
|
||||
public static final String DEFAULT_RM_ADMIN_LAST_NAME = "Administrator";
|
||||
|
||||
/** RM admin user name */
|
||||
private String rmAdminUserName = DEFAULT_RM_ADMIN_USER;
|
||||
private String rmAdminFirstName = DEFAULT_RM_ADMIN_FIRST_NAME;
|
||||
private String rmAdminLastName = DEFAULT_RM_ADMIN_LAST_NAME;
|
||||
|
||||
/** tennant service */
|
||||
private TenantService tenantService;
|
||||
|
||||
/**
|
||||
@@ -71,40 +68,6 @@ public class FilePlanAuthenticationServiceImpl implements FilePlanAuthentication
|
||||
return tenantDomain.length() > 1 ? rmAdminUserName + tenantDomain : rmAdminUserName;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param rmAdminFirstName rm admin first name
|
||||
*/
|
||||
public void setRmAdminFirstName(String rmAdminFirstName)
|
||||
{
|
||||
this.rmAdminFirstName = rmAdminFirstName;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#getRMAdminFirstName()
|
||||
*/
|
||||
@Override
|
||||
public String getRmAdminFirstName()
|
||||
{
|
||||
return rmAdminFirstName;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param rmAdminLastName rm admin last name
|
||||
*/
|
||||
public void setRmAdminLastName(String rmAdminLastName)
|
||||
{
|
||||
this.rmAdminLastName = rmAdminLastName;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#getRMAdminLastName()
|
||||
*/
|
||||
@Override
|
||||
public String getRmAdminLastName()
|
||||
{
|
||||
return rmAdminLastName;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService#runAsRMAdmin(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork)
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user